52 matches found

NVD
added 2026/02/13 2:16 p.m. | 2 views

CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

CVSS 8.8 | EPSS 0.00043
Exploits 0 | References 2

CVE
added 2026/02/13 1:9 p.m. | 11 views

CVE-2025-14349

CVE-2025-14349 affects Universal Software Inc. FlexCity/Kiosk prior to version 1.0.36. The issue is described as a privilege escalation caused by privileges defined with unsafe actions and missing authentication for a critical function, allowing access to functionality not properly constrained by...

CVSS 8.8 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/01/28 8:0 p.m. | 18 views

CVE-2025-13979 Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2...

EPSS 0.0005
Exploits 0 | References 1

Vulnrichment
added 2026/01/28 8:0 p.m. | 3 views

CVE-2025-13979 Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS. This issue affects Mini site: from 0.0.0 before 3.0.2...

AI score 5.8 | EPSS 0.0005
Exploits 0 | References 1

Positive Technologies
added 2026/01/28 12:0 a.m. | 3 views

PT-2026-5198

Name of the Vulnerable Software and Affected Versions: Drupal Mini site versions prior to 3.0.2. Description: A flaw exists in Drupal Mini site that allows for Stored Cross-Site Scripting (XSS) due to unsafe actions with defined privileges. This allows an attacker to inject malicious scripts into the...

CVSS 5.4 | AI score 5.2 | EPSS 0.0005
Exploits 0 | References 5

Positive Technologies
added 2025/12/10 12:0 a.m. | 3 views

PT-2025-54575

Name of the Vulnerable Software and Affected Versions: Google Chrome, affected versions not specified. Description: A user interface issue in Google Chrome may not adequately warn users about unsafe actions. Remote attackers could potentially bypass existing security restrictions by exploiting this...

CVSS 9.8 | AI score 5.4 | EPSS 0.00149
Exploits 0 | References 15

CISA KEV Catalog
added 2025/10/30 12:0 a.m. | 14 views

Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this...

CVSS 7.8 | AI score 6.9 | EPSS 0.00529
In wild | Exploits 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-25767

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00076
Exploits 0 | References 3

Veracode
added 2025/09/19 8:6 a.m. | 3 views

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

CVSS 8.8 | AI score 6.8 | EPSS 0.00076
Exploits 0 | References 3 | Affected Software 1

OSV
added 2025/08/25 3:32 p.m. | 1 views

GHSA-5C4F-PXMX-XCM4 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 6.9 | EPSS 0.00076
Exploits 0 | References 3

NVD
added 2025/08/25 2:15 p.m. | 3 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | EPSS 0.00076
Exploits 0 | References 1

OSV
added 2025/08/25 2:15 p.m. | 2 views

AZL-66675 CVE-2025-26467 affecting package cassandra 4.0.10-1

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 5.7 | EPSS 0.00076
Exploits 0 | References 1

OSV
added 2025/08/25 2:15 p.m. | 4 views

AZL-66698 CVE-2025-26467 affecting package cassandra 5.0.0-2

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 5.7 | EPSS 0.00076
Exploits 0 | References 1

OSV
added 2025/08/25 2:15 p.m. | 2 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 7
Exploits 0 | References 1

CVE
added 2025/08/25 2:6 p.m. | 41 views

CVE-2025-26467

CVE-2025-26467 affects Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate to superuser via unsafe actions in a targeted cluster. Affected: 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2. 4.0.16 remains affected because CVE-2025-23015 fix was incorrectly applied; upgrade to 4.0.1...

CVSS 8.8 | AI score 7.1 | EPSS 0.00076
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/08/25 2:6 p.m. | 10 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

EPSS 0.00076
Exploits 0 | References 1

Vulnrichment
added 2025/08/25 2:6 p.m. | 2 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

AI score 7.3 | EPSS 0.00076
Exploits 0 | References 1

ATTACKERKB
added 2025/08/25 2:6 p.m. | 4 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 5.5 | EPSS 0.00408
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/07/08 8:54 p.m. | 23 views

CVE-2025-7030

CVE-2025-7030 affects Drupal Two-factor Authentication (TFA) module prior to 1.11.0. The root cause is a Privilege Defined With Unsafe Actions vulnerability that hinges on incorrectly configured access controls, allowing bypass of certain privilege checks. Affected versions range from 0.0.0 up to...

CVSS 6.5 | AI score 6.7 | EPSS 0.0021
Exploits 0 | References 1 | Affected Software 1

Zero Day Initiative
added 2025/06/10 12:0 a.m. | 4 views

Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 | AI score 7.2 | EPSS 0.0057
Exploits 0 | References 1